The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL() or DBFile::getSourceURL() incorrectly add an access grant to the current session, which bypasses file permissions. This usually happens when creating an image variant, for example using a m…

CVSS: 5.3 · CWE: CWE-863

View on NVD

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client-side, but server-side sanitization doesn't catch it. The server-s…

CVSS: 5.4 · CWE: CWE-79

View on NVD

Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability is specific to that report and is a result of failure to cast input prior to including it in the grid f…

CVSS: 5.4 · CWE: CWE-79

View on NVD

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included…

CVSS: 5.4 · CWE: CWE-79

View on NVD

silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. This issue has been addressed in si…

CVSS: 5.4 · CWE: CWE-79

View on NVD

Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could add send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't ca…

CVSS: 5.4 · CWE: CWE-79

View on NVD

silverstripe/reports is an API for creating backend reports in the Silverstripe Framework. In affected versions reports can be accessed by their direct URL by any user who has access to view the reports admin section, even if the `canView()` method for that report returns `false`. This issue has been addressed in version 5.2.3. All users are advised to upgrade. There are no known workarounds for…

CVSS: 4.3 · CWE: CWE-200

View on NVD

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or delete records using the CSV import form, provided they have create permissions. The likelihood of a user having create p…

CVSS: 4.3 · CWE: CWE-863

View on NVD

Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.

CVSS: 4.3 · CWE: CWE-200

View on NVD

The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if…

CVSS: 5.3 · CWE: CWE-863

View on NVD

silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required…

CVSS: 7.5 · CWE: CWE-400

View on NVD

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.

CVSS: 5.4 · CWE: CWE-601

View on NVD

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.

CVSS: 4.3 · CWE: CWE-862

View on NVD

Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a Cross-Site Scripting attack. The vulnerability was initially patched in version 1.0.2, and version 1.1.0 incl…

CVSS: 6.1 · CWE: CWE-79

View on NVD

`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4…

CVSS: 7.5 · CWE: CWE-770

View on NVD

A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The patch is named 2e14b0fd0ea35034f9089…

CVSS: 6.3 · CWE: CWE-89

View on NVD

Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions.

CVSS: 7.5 · CWE: CWE-732

View on NVD

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).

CVSS: 5.4 · CWE: CWE-79

View on NVD

Silverstripe silverstripe/cms through 4.11.0 allows XSS.

CVSS: 5.4 · CWE: CWE-79

View on NVD

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view.

CVSS: 5.4 · CWE: CWE-79

View on NVD

Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).

CVSS: 5.4 · CWE: CWE-79

View on NVD

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.

CVSS: 5.4 · CWE: CWE-79

View on NVD

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.

CVSS: 5.4 · CWE: CWE-79

View on NVD

Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.

CVSS: 6.1 · CWE: CWE-79

View on NVD

Silverstripe silverstripe/framework through 4.11 allows SQL Injection.

CVSS: 8.8 · CWE: CWE-89

View on NVD

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).

CVSS: 5.4 · CWE: CWE-79

View on NVD

In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).

CVSS: 5.4 · CWE: CWE-79

View on NVD

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.

CVSS: 4.3 · CWE: CWE-287

View on NVD

Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project code.

CVSS: 5.4 · CWE: CWE-79

View on NVD

Silverstripe silverstripe/framework through 4.10 allows Session Fixation.

CVSS: 6.5 · CWE: CWE-384

View on NVD

Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.

CVSS: 6.5 · CWE: CWE-776

View on NVD

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gatew…

CVSS: 3.7 · CWE: CWE-436

View on NVD

Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.

CVSS: 4.3 · CWE: CWE-863

View on NVD

SilverStripe Framework through 4.8.1 allows XSS.

CVSS: 6.1 · CWE: CWE-79

View on NVD

In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.

CVSS: 6.5 · CWE: CWE-287

View on NVD

In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation.

CVSS: 5.3 · CWE: CWE-20

View on NVD

SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom…

CVSS: 4.8 · CWE: CWE-611

View on NVD

A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL.

CVSS: 6.1 · CWE: CWE-79

View on NVD

silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. The affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter.

CVSS: 6.1 · CWE: CWE-79

View on NVD

In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.

CVSS: 5.4 · CWE: CWE-79

View on NVD

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Uploads stored as protected or draft files are allowed by default for authorised users only, but can also…

CVSS: 8.8 · CWE: CWE-434

View on NVD

SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being adde…

CVSS: 5.3 · CWE: CWE-276

View on NVD

In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As…

CVSS: 7.5 · CWE: N/A

View on NVD

Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cac…

CVSS: 5.9 · CWE: CWE-444

View on NVD

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is installed and enabled by default on the Common Web Platform (CWP). The vulnerability only affects files…

CVSS: 7.5 · CWE: CWE-434

View on NVD

In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,

CVSS: 8.8 · CWE: CWE-352

View on NVD

SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools.

CVSS: 4.3 · CWE: CWE-352

View on NVD

SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials…

CVSS: 6.1 · CWE: CWE-79

View on NVD

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because t…

CVSS: 5.3 · CWE: N/A

View on NVD

In SilverStripe assets 4.0, there is broken access control on files.

CVSS: 5.3 · CWE: CWE-552

View on NVD

In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.

CVSS: 5.4 · CWE: CWE-79

View on NVD

In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.

CVSS: 2.7 · CWE: N/A

View on NVD

SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.

CVSS: 5.3 · CWE: CWE-732

View on NVD

SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS.

CVSS: 6.1 · CWE: CWE-79

View on NVD

In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.

CVSS: 9.8 · CWE: N/A

View on NVD

SilverStripe through 4.3.3 allows session fixation in the "change password" form.

CVSS: 6.3 · CWE: CWE-384

View on NVD

SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands.

CVSS: 9.8 · CWE: CWE-89

View on NVD

All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject.

CVSS: 9.8 · CWE: CWE-89

View on NVD

In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the "First Name" field of a user's /myprofile page.

CVSS: 5.5 · CWE: CWE-74

View on NVD

Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks.

CVSS: 5.3 · CWE: CWE-200

View on NVD

SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.

CVSS: 6.1 · CWE: CWE-79

View on NVD

There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element.

CVSS: 6.1 · CWE: CWE-79

View on NVD

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.

CVSS: 6.1 · CWE: CWE-79

View on NVD

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.

CVSS: 4.3 · CWE: CWE-79

View on NVD

Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.

CVSS: 5.8 · CWE: N/A

View on NVD

Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/.

CVSS: 4.3 · CWE: CWE-79

View on NVD

security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653.

CVSS: 5.0 · CWE: CWE-200

View on NVD

security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim.

CVSS: 5.8 · CWE: CWE-20

View on NVD

Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php.

CVSS: 4.3 · CWE: CWE-79

View on NVD

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWord…

CVSS: 4.3 · CWE: CWE-79

View on NVD

code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.

CVSS: 6.8 · CWE: CWE-20

View on NVD

SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups.

CVSS: 6.0 · CWE: CWE-264

View on NVD

SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 · CWE: CWE-89

View on NVD

SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 6.8 · CWE: CWE-89

View on NVD

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.

CVSS: 5.0 · CWE: CWE-310

View on NVD

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version.

CVSS: 5.0 · CWE: CWE-264

View on NVD

SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter.

CVSS: 6.8 · CWE: CWE-89

View on NVD

Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions."

CVSS: 4.3 · CWE: CWE-79

View on NVD

core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters.

CVSS: 4.3 · CWE: CWE-200

View on NVD

SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain sensitive information via the (1) debug_memory parameter to core/control/Director.php or (2) debug_profile parameter to main.php.

CVSS: 5.0 · CWE: CWE-200

View on NVD

SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message.

CVSS: 4.3 · CWE: CWE-200

View on NVD

Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination.

CVSS: 4.3 · CWE: CWE-79

View on NVD

The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing."

CVSS: 5.0 · CWE: CWE-264

View on NVD

Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user.

CVSS: 5.0 · CWE: CWE-264

View on NVD

The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.

CVSS: 1.9 · CWE: CWE-255

View on NVD

The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.

CVSS: 6.0 · CWE: CWE-94

View on NVD

SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security.

CVSS: 4.0 · CWE: CWE-264

View on NVD

SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information.

CVSS: 4.3 · CWE: CWE-264

View on NVD

Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087.

CVSS: 6.8 · CWE: CWE-352

View on NVD

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to "form action requests" using a controller.

CVSS: 5.0 · CWE: CWE-264

View on NVD

The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage."

CVSS: 6.8 · CWE: CWE-255

View on NVD

Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information.

CVSS: 2.1 · CWE: CWE-79

View on NVD

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script).

CVSS: 4.3 · CWE: CWE-79

View on NVD

SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField.

CVSS: 7.5 · CWE: CWE-89

View on NVD

SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter.

CVSS: 7.5 · CWE: CWE-89

View on NVD

Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors.

CVSS: 10.0 · CWE: N/A

View on NVD